A cross site scripting issue has been found in the Pulse Connect Secure and Pulse Policy Secure PCS/PPS products. The problem is a result of incorrect user input validation on the PCS/PPS web server. The issue exists within a web page that is only accessible by an authenticated administrator session.

Pulse Secure security team is not aware of any malicious exploitation of this vulnerability.

No other Pulse Secure products or platforms are affected by this issue.

Successful exploit of this vulnerability could allow an attacker to dynamically create arbitrary active content which could be rendered in the user's browser, leading to possible session theft, service disruption, or other information disclosure.